Unrated severityNVD Advisory· Published May 13, 2009· Updated Apr 23, 2026
CVE-2009-0162
CVE-2009-0162
Description
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.
Affected products
55cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 54 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=3.2.2
- cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- lists.apple.com/archives/security-announce/2009/May/msg00000.htmlnvdPatchVendor Advisory
- lists.apple.com/archives/security-announce/2009/May/msg00001.htmlnvdPatchVendor Advisory
- lists.apple.com/archives/security-announce/2009/May/msg00002.htmlnvdPatchVendor Advisory
- support.apple.com/kb/HT3549nvdPatchVendor Advisory
- www.us-cert.gov/cas/techalerts/TA09-133A.htmlnvdUS Government Resource
- secunia.com/advisories/35056nvd
- secunia.com/advisories/35074nvd
- support.apple.com/kb/HT3550nvd
- www.securityfocus.com/bid/34925nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2009/1297nvd
- www.vupen.com/english/advisories/2009/1298nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/50476nvd
News mentions
0No linked articles in our index yet.